Hans-Christoph Steiner @eighthave@librem.one

Good thing the #Apple App Store is secure, it would be a shame if the #DigitalMarketsAct allowed alternative platforms to set up shop and start pushing fake software to #iOS devices...

Oh wait 👉 https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/

This week in F-Droid (TWIF) was just published again!

We explain the "unattended upgrades for everyone" in 1.19.0 of our client in more depth.

Additionally:
- we talk about Acode editor - Android code editor, MRepo, PiliPala, SIYuan, K-9 Mail, Rocket.Chat and SimpleX Chat.
- big apps like Gao&Blaze, TuxPaint and Katawa Shoujo: Re-Engineered got their own paragraph
- the spring-cleaning continues
- our recap of FOSDEM is also linked

https://f-droid.org/2024/02/08/twif.html

#FDroid

Totally impressed by the level of this blog post on de-obfuscation of an advanced packer

https://blog.quarkslab.com/dji-the-art-of-obfuscation.html

I hadn't ever seen the trick about "stealing bytecode" from methods from the ART class verification stage.

#Android #packer #secneo

"To restore Earth’s forests and mitigate climate change, states should devolve management rights to the communities in these land parcels and grant them secure tenure."

#rewilding #restoration #forests #climatechange

https://www.rewildingmag.com/the-best-way-to-restore-forests/

Big thanks to Kai-Chung Yan, Komal Sukhani (couldn't find them in the Fediverse), @eighthave and everyone else involved for packaging the open source parts of the Android SDK for Debian! 💙
With this I managed to revive an old Android app of mine that stopped working several years ago due to server-side changes.
#AndroidSDK #OpenSource #AndroidApp

Last weekend I co-organised a "EU policy devroom" at #FOSDEM, marking the end of a wild 17 month ride in EU policy land working on the #CyberResilienceAct.
A blog I just published provides an overview of CRA #FOSDEM content, including my personal story starting #FOSS policy engagement in Brussels.
I hope it will contribute to a shared understanding of how the #CRA will most likely affect developers of #opensource software. Feedback welcome.

https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/

Later this week, Let's Encrypt will stop including the cross-sign from Identrust's Root CA in our API by default. That cross-sign will expire later this year, so this is the first step in preparation for that.

This means devices which haven't gotten an updated root CAs that added Let's Encrypt may get errors. This mostly affects a small number of old Android devices (Version 7.0 and before), as most other operating systems update root CAs by default.

For most people, no action is necessary. To continue supporting old clients, or to control your rollout of this change, your ACME client can be configured to explicitly choose a chain to serve until June at which point we'll stop serving the cross-signed chain.

You can read all the details on our blog post at https://letsencrypt.org/2023/07/10/cross-sign-expiration.html

If you have any questions, happy to answer them over on our Community forum: https://community.letsencrypt.org/t/questions-regarding-shortening-the-lets-encrypt-chain-of-trust/201581

A week ago someone around here mentioned the #Android app StreetComplete, an app made to help people add data points that are missing on #OpenStreetMap ("Wikipedia for geographical information").

The app is super smooth and I fell down the rabbit hole hard - there's so much information missing for #Calgary #yyc! You walk around, you pay more attention to urban features, do it for a few days and you somehow end up in the worldwide top 50 this week 😯

Do it! It's fun!
#opensource #FOSS #OSM

Think tank funded by Big Tech argues #AI’s climate impact is nothing to worry about - https://www.theregister.com/2024/02/07/ai_climate_impact/ it's the "cryptocurrencies don't use much energy" argument all over again...

As part of #ISRG's work towards memory-safe infrastructure for the internet, @cpu has opened a merge request that implements TLS ECH support on the client side:
https://github.com/rustls/rustls/pull/1718

We agree that "the ECH spec is very challenging to implement and required a lot of trial/error" and we are working with #DEfO to help implementers. Please reach out if that is you:
https://defo.ie/#contact

#rustlang #rustls #TLS #ECH #EncryptClientHello

Mozilla added scanning of data broker sites to its privacy protecting Mozilla Monitor

https://blog.mozilla.org/en/mozilla/introducing-mozilla-monitor-plus-a-new-tool-to-automatically-remove-your-personal-information-from-data-broker-sites/

#mozilla #firefox #data #privacy

The White House just announced visa restrictions on those involved in spyware misuse. Are you a family member of someone misusing or facilitating spyware? You can be sanctioned as well! Great step to further delegitimise the highly invasive surveillance industry!

https://www.state.gov/announcement-of-a-visa-restriction-policy-to-promote-accountability-for-the-misuse-of-commercial-spyware/

The election year focus on 'deep fakes' is a distraction, conveniently ignoring the documented role of surveillance ads--or, the ability to target specific segments to shape opinion. This's a boon to Meta/Google, who've rolled back restrictions on political ads in recent years.

Put another way, a deep fake is neither here nor there unless you have a platform + tools to disseminate it strategically.

Do you share F-Droid repos with the NFC feature in our client app?

Background: the support for Android NFC Beam was removed in Android 14, so we probably have to remove this feature in the future. We want to know if anybody is impacted by this.

#FDroid

Hello #FOSDEM, this guy, Alberto Marti, announced 3bn euros for this open source European cloud project with an explicit focus on interoperability.That’s more than 2x the funding announced here back in December. Is there a link online for more info?

Did the other 2bn come from private sector investors?

https://digital-strategy.ec.europa.eu/en/news/ipcei-next-generation-cloud-infrastructure-and-services-boost-europes-digital-decade